Bug 889429 - (CVE-2014-3560) VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid
VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
All openSUSE 13.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2014-07-29 18:19 UTC by Lars Müller
Modified: 2014-09-01 09:57 UTC (History)
3 users (show)

See Also:
Found By: Community User
Services Priority:
Business Priority:
Blocker: No
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Lars Müller 2014-07-29 18:19:52 UTC
embargoed via https://bugzilla.samba.org/show_bug.cgi?id=10735

CRD is 2014-08-01

We have Samba 4.1.9 currently only in openSUSE 13.1 as a released product.

Karolin Seeger drafted the advisory:

== Subject:     Remote code execution in nmbd
== CVE ID#:     CVE-2014-3560
== Versions:    Samba 4.0.0 to 4.1.9
== Summary:     Samba 4.0.0 to 4.1.9 are affected by a
==              remote code execution attack on
==		unauthenticated nmbd NetBIOS name services.


All current versions of Samba 4.x.x are vulnerable to a remote code
execution vulnerability in the nmbd NetBIOS name services daemon.

A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root).

Patch Availability

A patch addressing this defect has been posted to


Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
releases to correct the defect. Patches against older Samba versions
are available at http://samba.org/samba/patches/. Samba vendors and
administrators running affected versions are advised to upgrade or
apply the patch as soon as possible.


Do not run nmbd, the NetBIOS name services daemon.


This problem was found and the fix provided by Volker Lendecke, a
Samba Team member working for SerNet <vl@sernet.de>
Comment 1 Swamp Workflow Management 2014-07-30 22:00:13 UTC
bugbot adjusting priority
Comment 3 Lars Müller 2014-08-03 14:17:56 UTC
https://build.opensuse.org/request/show/243457  openSUSE 13.1  talloc
https://build.opensuse.org/request/show/243458  openSUSE 13.1  tdb
https://build.opensuse.org/request/show/243459  openSUSE 13.1  tevent
https://build.opensuse.org/request/show/243460  openSUSE 13.1  ldb
https://build.opensuse.org/request/show/243461  openSUSE 13.1  samba

Samba 4.1.11 requires ldb 1.1.17 which requires the version updates of talloc, tdb, and tevent.
Comment 4 Swamp Workflow Management 2014-08-20 17:05:37 UTC
openSUSE-SU-2014:1040-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 865627,884056,889429,889539,890005,890008
CVE References: CVE-2014-3560
Sources used:
openSUSE 13.1 (src):    ldb-1.1.17-3.4.1, samba-4.1.11-3.26.1, talloc-2.1.1-7.4.1, tdb-1.3.0-4.4.1, tevent-0.9.21-4.4.1
Comment 5 Marcus Meissner 2014-09-01 09:57:59 UTC
was released